Rational Rhapsody Design Manager@6.0.3 Security Vulnerabilities and Issues — Rational Rhapsody Design Manager@6.0.3 CVE List

Lucene search

IbmRational Rhapsody Design Manager6.0.3

35 matches found

CVE•added 2017/06/13 7:29 p.m.•70 views

CVE-2017-1099

IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659.

4.3CVSS4.9AI score0.35506EPSS

CVE•added 2017/11/27 9:29 p.m.•57 views

CVE-2016-6024

IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.

4.3CVSS5.1AI score0.0013EPSS

CVE•added 2018/07/06 2:29 p.m.•50 views

CVE-2017-1237

IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355.

5.4CVSS5.2AI score0.00182EPSS

CVE•added 2017/12/11 9:29 p.m.•49 views

CVE-2017-1507

IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.

4.3CVSS4.1AI score0.0013EPSS

CVE•added 2018/07/06 2:29 p.m.•49 views

CVE-2017-1509

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719.

4.3CVSS4.3AI score0.00137EPSS

CVE•added 2017/06/13 7:29 p.m.•47 views

CVE-2016-9973

IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.

5.4CVSS5.2AI score0.00255EPSS

CVE•added 2017/11/27 9:29 p.m.•47 views

CVE-2017-1240

IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.

4.3CVSS4.2AI score0.00177EPSS

CVE•added 2018/07/06 2:29 p.m.•47 views

CVE-2017-1559

Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758.

4.3CVSS5.6AI score0.00179EPSS

CVE•added 2018/07/19 2:29 p.m.•47 views

CVE-2018-1587

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be us...

4.3CVSS5AI score0.00151EPSS

CVE•added 2017/11/27 9:29 p.m.•46 views

CVE-2017-1251

An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631.

4.3CVSS4.4AI score0.0013EPSS

CVE•added 2017/11/27 9:29 p.m.•46 views

CVE-2017-1570

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.

4.3CVSS4.1AI score0.00178EPSS

CVE•added 2018/04/24 2:29 p.m.•46 views

CVE-2017-1700

IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody...

6.5CVSS6.2AI score0.00269EPSS

CVE•added 2018/04/24 2:29 p.m.•46 views

CVE-2017-1725

4.3CVSS4.7AI score0.00252EPSS

CVE•added 2017/03/31 6:59 p.m.•45 views

CVE-2016-9707

IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000784.

8.1CVSS8.1AI score0.00359EPSS

CVE•added 2017/07/24 9:29 p.m.•44 views

CVE-2017-1287

IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web sit...

5.4CVSS5.1AI score0.00096EPSS

CVE•added 2018/07/06 2:29 p.m.•44 views

CVE-2017-1488

An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627.

5.3CVSS4.9AI score0.00187EPSS

CVE•added 2017/07/24 9:29 p.m.•43 views

CVE-2017-1249

IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS5.8AI score0.002EPSS

CVE•added 2018/08/20 9:29 p.m.•42 views

CVE-2017-1753

Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655.

5.4CVSS5.5AI score0.00078EPSS

CVE•added 2018/08/20 9:29 p.m.•42 views

CVE-2018-1394

Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425.

5.4CVSS5.2AI score0.00105EPSS

CVE•added 2017/07/24 9:29 p.m.•41 views

CVE-2016-8975

5.4CVSS5.2AI score0.00269EPSS

CVE•added 2018/02/21 9:29 p.m.•41 views

CVE-2017-1462

5.4CVSS5.2AI score0.00375EPSS

CVE•added 2018/07/19 2:29 p.m.•41 views

CVE-2018-1585

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alter...

5.4CVSS5.2AI score0.00158EPSS

CVE•added 2018/11/06 4:29 p.m.•41 views

CVE-2018-1694

IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5...

5.9CVSS5.4AI score0.00266EPSS

CVE•added 2018/04/24 2:29 p.m.•40 views

CVE-2017-1734

4.3CVSS4.5AI score0.0021EPSS

CVE•added 2018/07/10 4:29 p.m.•39 views

CVE-2018-1423

IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.

6.5CVSS6.1AI score0.00186EPSS

CVE•added 2018/07/10 4:29 p.m.•39 views

CVE-2018-1492

IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.

6.8CVSS6.3AI score0.00051EPSS

CVE•added 2018/06/06 5:29 p.m.•38 views

CVE-2018-1456

IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 140091.

7.1CVSS7AI score0.00377EPSS

CVE•added 2018/11/06 4:29 p.m.•38 views

CVE-2018-1606

IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Man...

4.3CVSS4.3AI score0.00184EPSS

CVE•added 2017/07/24 9:29 p.m.•37 views

CVE-2017-1245

IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-F...

5.4CVSS5.2AI score0.00198EPSS

CVE•added 2018/07/19 2:29 p.m.•36 views

CVE-2018-1535

5.4CVSS5.2AI score0.00158EPSS

CVE•added 2018/07/19 2:29 p.m.•36 views

CVE-2018-1536

5.4CVSS5.2AI score0.00158EPSS

CVE•added 2020/02/19 4:15 p.m.•36 views

CVE-2019-4457

IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 163654.

6.5CVSS6.5AI score0.00246EPSS

CVE•added 2017/06/08 9:29 p.m.•35 views

CVE-2016-9698

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference...

8.1CVSS8.1AI score0.00556EPSS

CVE•added 2017/07/05 6:29 p.m.•32 views

CVE-2016-9700

IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528.

4.3CVSS4.1AI score0.00177EPSS

CVE•added 2017/05/15 9:29 p.m.•29 views

CVE-2016-9735

IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,

4.3CVSS4.1AI score0.00204EPSS